IBM Support

QRadar Firmware v3.2.1 for xSeries M5 Appliances (IMM/ISO for remote installations)

Release Notes


Abstract

This firmware update (v3.2.1) provided by IBM updates QRadar® M5 appliances with microcode security fixes and includes updates for UEFI, IMM2, Dynamic System Analysis, RAID controllers, HDD software, and an Emulex update. This firmware can be used on all QRadar M5 appliances in both 1U and 2U form factors. The administrator must have the Integrated Management Module (IMM) configured on each appliance to complete a remote firmware update.

Content


Important: Select a tab to read each step of the firmware procedure.
 

***IMPORTANT SSD NOTICE***: QRadar Support is investigating a data loss issue associated with M5 v3.2.1 firmware and Samsung solid state drives (SSDs): FRU 01GR787, Model number MZILS3T8HMLHV3. See: http://ibm.biz/qradarm5ssd for more info.

 

Part 1: About the M5 Firmware 3.2.1 ISO Update

 

The M5 firmware update 3.2.1 is intended to remotely update firmware on appliances. This firmware includes fixes for multiple security vulnerabilities and updates to address CVE-2018-3639 and CVE-2018-3640. For more information, refer to Lenovo's Security Advisory page: https://support.lenovo.com/product_security/home. Administrators must update their IMM using the included .UXZ file before they mount the ISO and reboot with it, which is required to install the firmware update. Updating the IMM2 firmware as the first step prevents installation issues when the core firmware update is applied. The installation instructions are located on the tab named 'Part 2. Installing Firmware Updates'. These instructions have been updated to guide customers through a remote upgrade of their firmware. For more information about QRadar firmware, see our FAQ page at http://ibm.biz/qradarfirmware.

Important: If your appliance is in a HA pair, there are configuration steps required to set the status properly for your primary and secondary high-availability appliances. For more information, see: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.


 

Supported appliances, types, and model information

 

This firmware update applies to the following IBM Security QRadar M5 appliances, server type, or Machine type models:

 
| Appliance Name | Server Type | Lenovo Server Machine Type | IBM Machine Type-Model |
|---|---|---|---|
| IBM Security QRadar xx05 G3 | x3550 M5 | MT 8869 | 4412-Q1E |
| IBM Security QRadar Event Collector 1501 G3 | x3550 M5 | MT 8869 | 4412-Q4D |
| IBM Security QRadar Network Insights 1901 | x3550 M5 | MT 8869 | 4412-F4Y |
| IBM Security QRadar xx29 | x3650 M5 | MT 8871 | 4412-Q2A |
| IBM Security QRadar xx48 | x3650 M5 | MT 8871 | 4412-Q3B |
| IBM Security QRadar Incident Forensics | x3650 M5 | MT 8871 | 4412-F1A |
| IBM Security QRadar Network Insights 1920 | x3650 M5 | MT 8871 | 4412-F3F |
| IBM Security QRadar Network Packet Capture | x3650 M5 | MT 8871 | 4412-F2C |
Table 1: List of appliances that the M5 appliance firmware 3.2.1 can update.



 

Important file changes and prerequisites in this firmware update

 

The table below lists the software versions contained within the firmware package. The core change in this release (3.2.1) is to provide new UEFI microcode security updates and IMM2 updates for administrators. Administrators must ensure that their M5 appliance includes the minimum version outlined in the Prerequisite version column, if any pre-requisites are defined.

 
| Component | Prerequisite version | Firmware version in this update | File name |
|---|---|---|---|
| IMM2 | tcoe26o (version 3.75) | imm2_tcoe44c-4.90 | oem_fw_imm2_tcoe44c-4.90_anyos_noarch |
| UEFI/BIOS (1U 8869) | uEFI v1.20 (TCE108i) | tbeg36h-2.70 | oem_fw_uefi_tbeg36h-2.70_anyos_32-64 |
| UEFI/BIOS (2U 8871) | uEFI v1.20 (TCE108i) | tceg36h-2.70 | oem_fw_uefi_tceg36h-2.70_anyos_32-64 |
| DSA | None | dsaob2q-10.3 | oem_fw_dsa_dsaob2q-10.3_anyos_32-64 |
| Emulex* | None | 2.10x6-9 | elx-lnvgy_fw_fc_18a-2.10x6-9_linux_x86-64 |
| RAID Controller M1215 | None | 1200-24.21.0-0052-1 | lnvgy_fw_sraidmr_1200-24.21.0-0052-1_linux_x86-64 |
| RAID Controller M5210 | None | 5200-24.21.0-0052-1 | lnvgy_fw_sraidmr_5200-24.21.0-0052-1_linux_x86-64 |
| HDD Update | None | sas-1.26.06 | lnvgy_fw_hdd_sas-1.26.06_linux_x86-64 |
Table 2: Components and software versions included in the M5 firmware update v3.2.1.
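
A pre-flight check built from Table 2 and the SSD notice, as an added example that is not IBM tooling: it flags appliances below the prerequisite IMM2 or UEFI version, flags the Samsung SSD model named in the notice, and selects the UEFI package by machine type. The inventory records, their field names and the host names are constructed, and versions are assumed to be dotted integers such as 3.75.

```python
# Added example: pre-flight check for M5 firmware v3.2.1, built from the tables on this page.
# The inventory rows and their field names are constructed for illustration.

# Prerequisite versions (Table 2) and the UEFI package per machine type.
IMM2_MIN = (3, 75)
UEFI_MIN = (1, 20)
UEFI_PACKAGE = {
    "8869": "oem_fw_uefi_tbeg36h-2.70_anyos_32-64",  # 1U x3550 M5
    "8871": "oem_fw_uefi_tceg36h-2.70_anyos_32-64",  # 2U x3650 M5
}
SSD_NOTICE_MODEL = "MZILS3T8HMLHV3"  # Samsung SSD named in the SSD notice


def parse_version(text):
    """Turn '3.75' or 'v1.20' into a comparable tuple of ints."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def preflight(host):
    """Return (status, findings) for one inventory record."""
    findings = []
    package = UEFI_PACKAGE.get(host["machine_type"])
    if package is None:
        return "not-applicable", ["machine type %s is not in Table 1" % host["machine_type"]]
    if SSD_NOTICE_MODEL in host["drive_models"]:
        findings.append("SSD %s present: see SSD notice before updating" % SSD_NOTICE_MODEL)
    if parse_version(host["imm2"]) < IMM2_MIN:
        findings.append("IMM2 %s is below prerequisite 3.75" % host["imm2"])
    if parse_version(host["uefi"]) < UEFI_MIN:
        findings.append("UEFI %s is below prerequisite 1.20" % host["uefi"])
    if findings:
        return "hold", findings
    return "ready", ["UEFI package: " + package]


# Constructed sample inventory (not real hosts).
INVENTORY = [
    {"name": "ep-01", "machine_type": "8871", "imm2": "3.75", "uefi": "v1.20", "drive_models": []},
    {"name": "ec-02", "machine_type": "8869", "imm2": "3.10", "uefi": "1.20", "drive_models": []},
    {"name": "qni-03", "machine_type": "8871", "imm2": "4.20", "uefi": "2.10",
     "drive_models": ["MZILS3T8HMLHV3"]},
    {"name": "old-04", "machine_type": "7944", "imm2": "1.50", "uefi": "1.10", "drive_models": []},
]

if __name__ == "__main__":
    for host in INVENTORY:
        status, findings = preflight(host)
        print(host["name"], status, "; ".join(findings))
```
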



 

Security issues resolved in this firmware update

The table below lists the software versions contained within the firmware package and the applicable CVEs addressed in this firmware release.

| Component | File name | CVEs resolved in this package |
|---|---|---|
| IMM2 | oem_fw_imm2_tcoe44c-4.90_anyos_noarch | CVE-2018-7182, CVE-2018-7183, CVE-2018-7184, CVE-2018-7185 |
| UEFI/BIOS (1U 8869) | oem_fw_uefi_tbeg36h-2.70_anyos_32-64 | CVE-2018-3639, CVE-2018-3640 |
| UEFI/BIOS (2U 8871) | oem_fw_uefi_tceg36h-2.70_anyos_32-64 | CVE-2018-3639, CVE-2018-3640 |
| DSA | oem_fw_dsa_dsaob2q-10.3_anyos_32-64 | CVE-2018-5732, CVE-2018-5733 |
| Emulex* | elx-lnvgy_fw_fc_18a-2.10x6-9_linux_x86-64 | None |
| RAID Controller M1215 | lnvgy_fw_sraidmr_1200-24.21.0-0052-1_linux_x86-64 | None |
| RAID Controller M5210 | lnvgy_fw_sraidmr_5200-24.21.0-0052-1_linux_x86-64 | None |
| HDD Update | lnvgy_fw_hdd_sas-1.26.06_linux_x86-64 | None |
| Other Security Fixes | None | Security vulnerabilities resolved in open source packages where there is no IMM exposure: CVE-2017-3145, CVE-2017-13733, CVE-2016-7141, CVE-2018-1000007, CVE-2017-3144, CVE-2017-12132, CVE-2017-8804, CVE-2018-1000001, CVE-2018-6485, CVE-2018-6551, CVE-2018-5344, CVE-2016-10396, CVE-2016-5131, CVE-2017-15412, CVE-2017-16932, CVE-2017-5130, CVE-2016-5732, CVE-2018-5733, CVE-2017-12133, CVE-2016-1549, CVE-2018-7170, CVE-2017-14062 |
Table 3: Security issues resolved in the M5 firmware update v3.2.1.

NOTE: Administrators can use any text editor to review a detailed change list for firmware update v3.2.1. Click the .txt file and open the document in any text editor program.

QRadar_All_M5_1U_MT8869_x3550_2U_MT8871_x3650_3_2_1.txt
 

 






 


 

A. Before you begin


This installation method uses the hardware's integrated management module (IMM) to remotely update files.
  • Administrators MUST enable IMM.Over.LAN on the xSeries appliance BEFORE the firmware update is applied. For information on how to enable this setting, see: http://www.ibm.com/support/docview.wss?uid=swg21982944.
  • If your appliances are in a HA pair, you must prepare your high-availability appliances using the instructions found here: http://www.ibm.com/support/docview.wss?uid=swg27047121#HA.
  • A number of hard disk drive updates can be installed by this firmware. The HDD update tool examines the hard disk drive types that are present and selects the most current firmware level that is available based on the drive type automatically.
  • The base system pack contains other firmware packages that are not in QRadar appliances. Therefore, these packages are displayed during the update with a status of "undetected" and are not selected to be updated. The administrator can disregard any packages labeled as undetected.
  • If the Emulex card firmware does not install as intended or you experience an issue, you can continue the firmware installation and any Emulex issues will be addressed in the next firmware update. If you do not have an Emulex card with your appliance, the installation instructions include a screen capture of the error message that is generated during the firmware install.

B. Downloading and extracting the firmware update

 
  1. Download the QRadar M5 appliance firmware update from IBM Fix Central: http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Other+software/IBM+Security+QRadar+SIEM&release=7.3.0&platform=All&function=fixId&fixids=7.3.1-QRADAR-FIRMWARE-M5-QRadar-QNI-PCAP-QIF-3.2.1&includeSupersedes=0&source=fc

  2. Copy the M5 appliance firmware EXE to a directory on the Windows host.

  3. Double-click on the file: Qradar_All_ISO_M5_1U_MT8869_x3550_2U_MT8871_x3650_3_2_1.exe.

  4. Select or type a directory path for the M5 firmware update and click Extract.

  5. The following files are extracted to the Windows host.

C. Updating the IMM firmware

 
  1. Log in to the IMM interface on your QRadar M5 appliance.
  2. Select Server Management > Server Firmware from the menu.
  3. Click Update Firmware.
  4. Click Select File and browse to the IMM2 firmware update: oem_fw_imm2_tcoe44c-4.90_anyos_noarch.uxz.
  5. Click Next to upload and verify the IMM2 firmware file.
  6. Wait for the update of the primary and secondary firmware banks to complete.
  7. Click Restart IMM and clear your browser cache.

    Results
    After the IMM interface reboots, log in to the IMM and continue to the next section to mount the firmware ISO and configure the boot options.

D. Mounting the M5 Firmware ISO & Reboot Procedure

 
  1. Click on Remote Control.
  2. To start the Remote Control session, click Use ActiveX for Internet Explorer or Java for all other browsers.
  3. Click on Start Remote Control in Single User Mode.
    NOTE: Administrators should always use single user mode for remote connections for updates.
  4. Administrators should leave the Allow others to request my remote session disconnect check box clear. It is not recommended for administrators to allow other users to request the active session for firmware updates.
  5. From the menu, select Virtual Media > Activate.
  6. From the menu, select Virtual Media > Select Devices to Mount.
  7. From the Devices window click on Add Image.
  8. Locate the ISO image you wish to use. Click Open.
  9. Ensure that the CD/DVD QRadar_All_M5 entry is highlighted and verify that the Mapped check box is selected.
  10. Click Mount Selected.
  11. Power Up or Reboot the system to start the software installation process.
  12. As the appliance is rebooting, press the F12 key to select a boot device.
  13. At the Boot Devices Manager window use the arrow keys to navigate.
  14. Administrators must clear the Legacy Mode check box, then select the CD/DVDM option and press ENTER.
  15. The boot screen for the appliance is displayed. The IBM ToolsCenter Welcome page is displayed.
  16. When prompted, select the Updates option.
  17. Verify that the Updates list shows the correct machine type for the appliance.
    Hardware Details

    | Server Type | Server Machine Type |
    |---|---|
    | x3550 M5 | MT 8869 |
    | x3650 M5 | MT 8871 |

    NOTE: For example, System x3650 M5 -- machine type 8871.
     
  18. To start the update, select the Click here to start update link.
  19. Select your language and click I accept the terms in the license agreement to continue.
  20. The IBM UpdateXpress System Pack Installer compares the current package with the installed firmware.
  21. Verify that all Suggested check boxes are selected. Some end users have reported issues where uEFI updates were not selected by default.
  22. If your M5 appliance has a secondary firmware bank it will be updated automatically.
    Important: If you are prompted with a Target the secondary firmware bank check box, click Next without selecting this option. If you target the secondary firmware bank, the installer will IGNORE the firmware update to the primary bank and the installation will need to be reapplied to update the primary firmware bank for the appliance.
  23. To start applying the updates, click Next on the Update Options page.

    The bootable media creator starts to install firmware on the M5 appliance.
     
  24. Verify that all the firmware updates are applied, and click Next to complete the update.
  25. After the update is complete, click Save Log to save the installation log to the USB flash drive. This file can be provided to support in case any issues occurred during the update.
  26. Select the USB flash drive and click OK.
  27. When all updates are complete, click Finish to reboot the appliance.
  28. The appliance reboots and starts up normally.

Emulex Update Error Messages



The firmware installer might issue an Emulex error to administrators that can be ignored. Not all QRadar M5 appliances ship with an Emulex card. The firmware update contains software that attempts to update the Emulex drivers; however, if the appliance does not include an Emulex card, an installation error is displayed: "Install did not succeed".




Original Publication Date

29 March 2017


Document Information

Modified date:
14 August 2019

UID

ibm10743947